An important theme that emerges from the HHS Office for Civil Rights' dozens of HIPAA settlements is that all aspects of compliance are critical and subject to close scrutiny by federal regulators, says former OCR director Leon Rodriguez.
The source code for the Mirai botnet has been updated to launch DDoS amplification/reflection attacks, although so far that capability hasn't been used, says Gary at Arbor Networks. Even so, DDoS defense planning remains essential.
The rapid evolution of malware and proliferation of solutions have created a state of chaos for security leaders, says Naveen Palavalli of Symantec. What strategy and solutions will help restore order to anti-malware defense?
The ability of artificial intelligence to look for patterns in vast data - including large collections of unstructured data - is presenting new potential applications for bolstering the security of patient information, says Navin Budhiraja of Infosys.
Leading the latest edition of the ISMG Security: A deep dive into the WikiLeaks release of thousands of documents that appear to lay open in detail the CIA's computer hacking techniques Report. Also, tackling the rise of attacks targeting the internet of things.
Implementing robust access controls in healthcare settings can be particularly challenging for several reasons. But Fisher-Titus Medical Center is making progress in strengthening authentication and other security controls, says Peter Jacob, the hospital's manager of IT operations.
When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.
A look at the return of the Crypt0L0cker ransomware leads the latest edition of the ISMG Security Report. Also, assuring the security of medical devices; and U.S. federal prosecutors drop charges against a child porn suspect rather than reveal the hacking technique used to ensnare him.
To meet the increasing customer demands for effective solutions, security vendors must ensure their products work together well, says Dr. Mike Lloyd of RedSeal. This is particularly essential to achieving "digital resilience," the ability to promptly detect and respond to network intrusions, he says.
With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.
When trying to detect which security events are malicious, analysts have long battled signal-to-noise problems. LogRhythm's James Carder describes how behavioral analytics, case management, security automation and threat intelligence can help.
The European Union's General Data Protection Regulation, which will be enforced beginning in May 2018, will affect organizations throughout the world because it applies to any company that handles Europeans' personal data, says Fred Kost of HyTrust.
Leading the latest edition of the ISMG Security Report: The death of former White House Cybersecurity Coordinator Howard Schmidt, and a report on legislation to strengthen the influence of the National Institute of Standards and Technology on federal civilian agencies.